Another solution is from Zymbit which provides Zymkey security modules for Raspberry Pi based on the ATECC508A CryptoAuthentication chip in different form factor: either a USB stick, an I2C module, or for further integration into your own design, an SMT component.

Click to Enlarge

Zymkey enables multifactor device ID & authentication, data encryption & signing, key storage & generation, and physical tamper detection. It also features a secure element root of trust, a real-time clock, and a true random number generator (TRNG). The company provides a simple Python or C/C++ API to make it easier to add Zymkey support to any Linux application, and the secure module can be integrated with third party applications such as LUKS file encryption, OpenSSL, AWS IoT, or the Ethereum Blockchain. Instructions showing how to use Zymkey security module with a Raspberry Pi 3 board can be found in the getting started guide.

They have two models of the I2C security module: Zymkey 4i going for $43 and available now, and if you need support for blockchain technology, Zymkey 5i can be pre-ordered for $47 with 32 unique key slots, and support for secp256K1 curves. The 5i model is expected to ship on September 15 onwards. The USB stick version appears to be an earlier product, and I could not find it for sale right now.

Since the module simply fits into the section of the Raspberry Pi 40-pin header with I2C signals, an is controlled via a Python or C/C++ API, I suppose it should also be usable with other boards with the RPi header provided it mechanically and electrically fits.

You’ll find more details and purchase links for the I2C module on the product page.

It is not clear to me what are the benefits of these modules compared to a raw ATECC508A besides the RTC. The ATTECC508A supports only one curve which is P-256 (secp256r1). The upgraded ATECC608A only adds AES and HKDF. Do they use a secure MCU to perform additional operations like secp256k1 signatures? According to the pictures, it uses an SAML L21 which is not tamper resistant and does not have TrustZone. If it is not based on a secure microcontroller, it only provides some isolation and is certainly not resistant to physical tampering.

If you want to experiment with CryptoAuthentication with Raspberry Pi, you can buy ATECC508A/608A for <1$ in SOIC format or use a cheap breakout board (CJMCU-608).

Embedded Systems Jobs

Facebook is seeking a Software Engineer to design, develop and implement hardware-near software for accelerators and other components used in our infrastructure. This person will be an integral member of the team, responsible for embedded software de

We are a smart team of doers that work passionately to apply cutting-edge advances in and to solve real-world challenges that will transform our customers experiences in ways we cant even imagine yet. As a Firmware Engineer, you will be working with

Echo Frames is Amazon's first prescription-ready smart glasses. In this role, you will be working on the current and future roadmap for Echo Frames. The team is focused on bringing technology and design into a form that is familiar to millions of gla

Echo Frames is Amazon's first prescription-ready smart glasses. In this role, you will be working on the current and future roadmap for Echo Frames. The team is focused on bringing technology and design into a form that is familiar to millions of gla

RT-Thread was born in 2006, it is an open-source, neutral, and community-based real-time operating system. As an open-source project, RT-Thread has received strong support and contributions from the community developers and many chips and original eq